authorMichael Bestas <mkbestas@lineageos.org>2021-10-18 18:22:55 +0300
committerMichael Bestas <mkbestas@lineageos.org>2021-10-18 18:22:55 +0300
commit0e3b56cdb412e1bc868db2e7649fb6978269e196 (patch)
tree8c7a562e32c15349815e6720076a12922f0d89dd /net
parentdea2d7ed9189653c985767477470773f6735be69 (diff)
parentbf687da3fdbe378ae33b7d4c6cbaa2dfa3993628 (diff)
Merge remote-tracking branch 'common/android-4.4-p' into lineage-18.1-caf-msm8998
# By Eric Dumazet (2) and others # Via Greg Kroah-Hartman * common/android-4.4-p: Linux 4.4.289 perf/x86: Reset destroy callback on event init failure scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" scsi: ses: Fix unsigned comparison with less than zero mac80211: Drop frames from invalid MAC address in ad-hoc mode netfilter: ip6_tables: zero-initialize fragment offset HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing gup: document and work around "COW can break either way" issue i40e: fix endless loop under rtnl netlink: annotate data races around nlk->bound ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence ptp_pch: Load module automatically if ID matches net_sched: fix NULL deref in fifo_set_limit() phy: mdio: fix memory leak xtensa: call irqchip_init only when CONFIG_USE_OF is selected nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero USB: cdc-acm: fix break reporting USB: cdc-acm: fix racy tty buffer accesses Change-Id: I72428b366b3ed4931d8f8e8b38c7842ed48ead22
Diffstat (limited to 'net')
-rw-r--r--net/ipv6/netfilter/ip6_tables.c1
-rw-r--r--net/mac80211/rx.c3
-rw-r--r--net/netlink/af_netlink.c14
-rw-r--r--net/sched/sch_fifo.c3
4 files changed, 16 insertions, 5 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index bd75bf199e1d..f57b72771e17 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -343,6 +343,7 @@ ip6t_do_table(struct sk_buff *skb,
* things we don't know, ie. tcp syn flag or ports). If the
* rule is also a fragment-specific rule, non-fragments won't
* match it. */
+ acpar.fragoff = 0;
acpar.hotdrop = false;
acpar.net = state->net;
acpar.in = state->in;
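Review bot: The new `acpar.fragoff = 0;` sits directly under the existing comment about fragment-specific rules, so that comment now reads as if it explained the zeroing, and nothing says why the field needs an initial value. A one-line comment above the assignment would help, for example `/* start at 0 so no match reads an uninitialized fragoff */`; this rationale is inferred from the commit title and should be confirmed against the code that fills in fragoff. The declaration of `acpar` is outside the hunk. If it is a plain stack struct whose fields are set one by one, any field added later is exposed to the same class of bug.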
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 2150a942563d..7c05981bdee9 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -3448,7 +3448,8 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
if (!bssid)
return false;
if (ether_addr_equal(sdata->vif.addr, hdr->addr2) ||
- ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2))
+ ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2) ||
+ !is_valid_ether_addr(hdr->addr2))
return false;
if (ieee80211_is_beacon(hdr->frame_control))
return true;
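Review bot: The added `!is_valid_ether_addr(hdr->addr2)` test guards only this branch of ieee80211_accept_frame(), which by the commit title is the ad-hoc case. The other interface-type branches are outside the hunk, so it is worth checking whether they also reject a zero or multicast transmitter address. The check does not depend on `sdata` and is the cheapest of the three conditions, so it could be listed first. A short comment such as `/* drop frames whose source address is zero or multicast */` would record the intent next to the condition.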
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 8014479bdd8f..715d21f95316 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -558,7 +558,10 @@ static int netlink_insert(struct sock *sk, u32 portid)
/* We need to ensure that the socket is hashed and visible. */
smp_wmb();
- nlk_sk(sk)->bound = portid;
+ /* Paired with lockless reads from netlink_bind(),
+ * netlink_connect() and netlink_sendmsg().
+ */
+ WRITE_ONCE(nlk_sk(sk)->bound, portid);
err:
release_sock(sk);
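Review bot: The publish side in netlink_insert() is now `smp_wmb()` followed by `WRITE_ONCE()`, and the reader in the netlink_bind() hunk is `READ_ONCE()` followed by `smp_rmb()`; each pair could be written as one primitive, `smp_store_release(&nlk_sk(sk)->bound, portid);` and `bound = smp_load_acquire(&nlk->bound);`, which ties the ordering to the access it protects. This is a readability point only, and for a stable backport staying identical to upstream may be the better trade. In the netlink_sendmsg() hunk the bound path is outside the visible lines, so whether it issues `smp_rmb()` before using the port id cannot be confirmed from here.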
@@ -973,7 +976,8 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
else if (nlk->ngroups < 8*sizeof(groups))
groups &= (1UL << nlk->ngroups) - 1;
- bound = nlk->bound;
+ /* Paired with WRITE_ONCE() in netlink_insert() */
+ bound = READ_ONCE(nlk->bound);
if (bound) {
/* Ensure nlk->portid is up-to-date. */
smp_rmb();
@@ -1053,8 +1057,9 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
/* No need for barriers here as we return to user-space without
* using any of the bound attributes.
+ * Paired with WRITE_ONCE() in netlink_insert().
*/
- if (!nlk->bound)
+ if (!READ_ONCE(nlk->bound))
err = netlink_autobind(sock);
if (err == 0) {
@@ -1801,7 +1806,8 @@ static int netlink_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
dst_group = nlk->dst_group;
}
- if (!nlk->bound) {
+ /* Paired with WRITE_ONCE() in netlink_insert() */
+ if (!READ_ONCE(nlk->bound)) {
err = netlink_autobind(sock);
if (err)
goto out;
diff --git a/net/sched/sch_fifo.c b/net/sched/sch_fifo.c
index 2e4bd2c0a50c..6c99b833f665 100644
--- a/net/sched/sch_fifo.c
+++ b/net/sched/sch_fifo.c
@@ -151,6 +151,9 @@ int fifo_set_limit(struct Qdisc *q, unsigned int limit)
if (strncmp(q->ops->id + 1, "fifo", 4) != 0)
return 0;
+ if (!q->ops->change)
+ return 0;
+
nla = kmalloc(nla_attr_size(sizeof(struct tc_fifo_qopt)), GFP_KERNEL);
if (nla) {
nla->nla_type = RTM_NEWQDISC;
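Review bot: The new `if (!q->ops->change) return 0;` guard returns the same success value as the non-FIFO path, so a caller cannot tell that the requested limit was not applied. The guard is needed because the `strncmp(q->ops->id + 1, "fifo", 4)` test above is name-based and also matches a qdisc whose id has "fifo" at offset 1 but which has no ->change(). A comment saying so would keep the guard from looking redundant, for example `/* id matches but the qdisc has no ->change(): nothing to configure */`. The call through ->change and the rest of fifo_set_limit() are outside the hunk.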